You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have verified all of my SDK modules are up-to-date (you can perform a bulk update with go get -u github.com/aws/aws-sdk-go-v2/...)
Describe the bug
I ran into an interesting set of behaviour trying to debug why something using the aws-sdk-go-v2 was resulting in different AWS credentials being used under identical circumstances as awscliv2. After some pretty extensive debugging I found this particular section of code in botocore.
This code appears to disable the Environment Variables provider in the Python SDK when AWS_PROFILE is set. This does not happen in aws-sdk-go-v2. It's not clear to me which SDK is performing the correct behaviour.
Regression Issue
Select this option if this issue appears to be a regression.
Expected Behavior
Setting AWS_PROFILE should take precedence over AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE as it does with botocore and awscli when using the default credential chains.
Current Behavior
Setting AWS_PROFILE has no effect when AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE are both set, and no warning or error is displayed warning the user that the usage of AWS_PROFILE was ineffective.
Reproduction Steps
This can be reproduced with code like the following
and setting the AWS_ROLE_ARN, AWS_PROFILE and AWS_WEB_IDENTITY_TOKEN_FILE environment variables. Regardless of what AWS_PROFILE is set to, the Web Identity credentials will be used and no error will be raised.
Possible Solution
The go SDK should mirror the behaviour of botocore, allowing AWS_PROFILE to override other credentials set via environment variables.
Additional Information/Context
I was able to address this by changing the code to
Thanks for reaching out.
You are right in making this point but there is no default behavior which SDK's should follow. For the botocore it might be the case to give more precedence to AWS_PROFILE but it is not a universal said rule for other SDK's.
It will stay the same until any further communication.
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
Acknowledgements
go get -u github.com/aws/aws-sdk-go-v2/...
)Describe the bug
I ran into an interesting set of behaviour trying to debug why something using the aws-sdk-go-v2 was resulting in different AWS credentials being used under identical circumstances as
awscliv2
. After some pretty extensive debugging I found this particular section of code in botocore.This code appears to disable the Environment Variables provider in the Python SDK when
AWS_PROFILE
is set. This does not happen inaws-sdk-go-v2
. It's not clear to me which SDK is performing the correct behaviour.Regression Issue
Expected Behavior
Setting
AWS_PROFILE
should take precedence overAWS_ROLE_ARN
andAWS_WEB_IDENTITY_TOKEN_FILE
as it does withbotocore
andawscli
when using the default credential chains.Current Behavior
Setting
AWS_PROFILE
has no effect whenAWS_ROLE_ARN
andAWS_WEB_IDENTITY_TOKEN_FILE
are both set, and no warning or error is displayed warning the user that the usage ofAWS_PROFILE
was ineffective.Reproduction Steps
This can be reproduced with code like the following
and setting the
AWS_ROLE_ARN
,AWS_PROFILE
andAWS_WEB_IDENTITY_TOKEN_FILE
environment variables. Regardless of whatAWS_PROFILE
is set to, the Web Identity credentials will be used and no error will be raised.Possible Solution
The go SDK should mirror the behaviour of
botocore
, allowingAWS_PROFILE
to override other credentials set via environment variables.Additional Information/Context
I was able to address this by changing the code to
but it feels like the different SDKs should have similar behaviour
AWS Go SDK V2 Module Versions Used
go.mod
contents forgithub.com/aws/*
Compiler and Version used
go1.22.1
Operating System and version
n/a
The text was updated successfully, but these errors were encountered: